Privacy policy - Confetti Technology AB

Updated: 24 May 2018

  1. General information

    1. We are Confetti Technology AB, company registration number 556964-6465, with registered address at Ripstigen 3, 170 70 Solna, Sweden (“Confetti” “we” or “us”). This document contains a policy statement regarding our collection, use and processing of personal data (“Privacy Policy”).
    2. Our business is to provide a service where individuals and businesses can create event websites, invite guests, manage registrations and sell tickets.
    3. This Privacy Policy is applicable:

      • when you use the Confetti mobile application and our website http://confetti.events/ or specific event sites created on behalf of our customers (together called the “Website”)
      • when you sign up to participate in an event which is created through our service (“Attendee Registration”)
      • when you create an account with us to be able to use our services and create events on your own behalf or behalf of a company you work for (“Account Registration”)

      Depending on how you interact with us, some sections of this Privacy Policy may not apply.

    4. All definitions in this Privacy Policy shall be interpreted in accordance with applicable data protection laws which refers to the Swedish Personal Data Act (1998:204), which implements the EU directive 95/46/EC, and the General Data Protection Regulation (Regulation no. 2016/679) and the Directive on Privacy and Electronic Communications (Directive 2002/58/EC), as well as the national implementations and related national legislation.
  2. Processed data

    In the table below, we have set out details about our processing.

    Source of Data Personal Data Collected Purpose Retention
    Website
    1. Information about your use of the Website
    2. Content that you choose to post, upload and/or contribute to the Website
    3. Technical data, which may include unique device ID, network, IP address, language and operating system
    1. To analyse how our Website is used so that we can improve it
    2. To ensure the technical functioning of the Website and to prevent use of in breach of our terms
    Two years for Google Analytics data and indefinitely with Facebook Pixel data.
    Attendee Registration
    1. First name and last name
    2. Email address
    3. Company
    4. Payment details (bank account and personal identification number)
    5. Other information which may be required due to the nature of the booking which you are asked to provide
    1. To manage your registration
    2. To communicate with you and to enable the company arranging the event to communicate with you
    3. To receive payment from you and transfer it to the arranger
    4. To invite you to future events
    The retention period is set by the organizer of the event.
    Account Registration
    1. First name and last name
    2. Email address
    3. Company
    4. Bank account number (if we sell tickets on your behalf)
    5. Other information which you provide us with may be required due to the nature of our communications and services
    1. To provide our service to you or the company you work for in accordance with our terms
    2. to manage our communication with you
    See section 7
  3. Legal ground

    Consent. When registering to use the Website, creating an Attendee Registration and/or an Account Registration, your consent to the processing of the personal data as set out in this Privacy Policy.

    Fulfilment of contract. We process your personal data related to the Account Registration to be able to provide our services to you (or the company you work for) as set out our terms. We process your personal data related to the Attendee Registration to be able to provide or services to you in accordance with our terms for attendees.

    Legitimate interest. The processing of your personal data is also conducted based on the legitimate interest of our customers to manage their events and our legitimate interest of developing and improving our services and business as well as our Website.

  4. Disclosure of personal data

    1. You can find an up-to date list of who we share your personal data with here.
    2. In addition, your personal data relating to Attendee Registration will be shared with other participants and the person or company arranging the event
    3. Your information may be transferred outside the EU/EEA as some of our service providers are located outside EU/EEA, but only to a country deemed adequate by the European Commission or if we have a transfer mechanism in place in accordance with the legislation of the European Union. Please contact us for further information regarding such transfer.
    4. When using the Website or our services you may be directed to other websites where the personal data collected is outside of our control. The privacy policy of the other website will govern the personal data obtained from you on that website.
    5. We have a payment gateway where a third-party payment service provider will manage your payment. When you submit payment, you also accept the separate terms of the payment provider relating to privacy.
    6. If parts or all assets or shares of Confetti are acquired, user information is likely to be one of the business assets that transferred to the new owner.
  5. Responding to legal requests and preventing harm

    We may access, preserve and share your personal data in response to a legal request (like a search warrant, court order or a subpoena or the like), or when necessary to detect, prevent and address fraud and other illegal activity, to protect ourselves, you and other users, including as part of investigations.

  6. Cookies, pixels and other system technologies

    Like almost every website, our Website uses cookies. You can find our cookie policy here.

  7. Retention

    We store your personal data as long as necessary in order to fulfil the purposes for which it was collected according to this Privacy Policy or as long as we have legal grounds to do so and as set out in the table above. We may also keep anonymous versions of your data and process it for statistical purposes indefinitely as it will no longer constitute personal data.

  8. Children

    The Services are not directed to persons under the age of 13. If you are a parent or guardian of a person under the age of 13 and you become aware of that the child has provided personal data to us without your consent, please contact [email address] to exercise your access, rectification, erasure, limiting of processing and objection rights.

  9. Links to other sites and social plugins


    Our Website uses social plugins from social networks. If you click on one of the buttons, a new window of your browser opens, and the page of the respective social network is opened. On that site, you can login, press like or share button etc. When clicking on plugin links or other links on our Website or in newsletters, the collection of personal data is outside of our control. The policy of the other website will apply for the personal data obtained from you on that website.

  10. Your rights

    1. You have an absolute right to object to the processing of your personal data for direct marketing. You also have the right to recall your prior given consent. The withdrawal of your consent does not affect the lawfulness of the processing based on the consent before its withdrawal, and we may continue processing your personal data based on other legal grounds, except for direct marketing.
    2. You have the right to request access and further information concerning the processing of your personal data, or request that we correct, rectify, complete, erase or restrict the processing of your personal data. You have the right to obtain a copy of the personal data that we process relating to you free of charge once (1) every calendar year. For any additional copies requested by you, we may charge a reasonable fee based on administrative costs.
    3. If the processing is based on the legal grounds consent or fulfilment of contract you have the right to data portability. Data portability means that you can receive the personal data that you have provided to us, in a structured, commonly used and machine-readable format, and have the right to transfer such data to another data controllers.
  11. Contact information


    1. We have created a feature where you can delete your personal data yourself in relation to an event you have signed up to. Please visit the event site and click on the section called “data”. You can of course also choose to contact us as described below if you prefer.
    2. To exercise your rights, or if you have any questions regarding our processing of your personal data, please contact us at the following address support@confetti.events or Confetti Technology AB, Ripstigen 3, 170 70 Solna, Sweden. In your letter/email please state your full name. Note that you should sign the request to receive information of the processing of your personal data yourself.
    3. If you have any complaints regarding our processing of your personal data, you may file a complaint to the competent data protection authority. You can find out more about the local data protection authorities under the following link http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
  12. Notice of changes to the Privacy Policy

    If we make changes to this Privacy Policy, we will notify you through our Website. If your consent is required due to the changes, we will provide you additional prominent notice as appropriate under the circumstances and, ask for your consent in accordance with applicable law.